Thursday, March 6, 2008

Here is a quick write up for my daughter’s school on the various ways to filter websites and keep the students productive and safe. Initially the school just wanted to block MySpace but I am sure this list will grow as fast as the internet itself. We will go over two different options on how to block the offending sites. Both of these solutions revolve around how computers use DNS (Domain Naming System) to access websites and information on the internet.

The internet is comprised of millions of computers connected to each other using a systematic numbering system similar to the way millions of telephones are connected to each other by telephone numbers. Rather than an operator directing phone calls to one another, there are special computers on the internet acting as DNS servers that translate names into the the numbering system [IP (internet protocol)] used for routing and finding information.

When a student types a URL into a browser on their PC, the PC will contact a series of DNS servers in order to figure out what the IP address of the URL is. Once the URL such as MySpace.com has been resolved to an IP by a DNS server, the PC then connects directly to the IP address to retrieve the information. For our filtering, we will intercept these request to the DNS server and provide fake information back in order to prevent the connection from happening.

For our first solution, we will edit the HOSTS file. This file is located on the PC at C:\WINDOWS\SYSTEM32\DRIVERS\ETC. Before contacting the DNS servers, PCs will check this file for any overrides and if found use them. This allows us to add a simple entry for MYSPACE.COM resolving to 127.0.0.1 (a non routable address) in the HOSTS file to block access.

Save this file. Note: additional URLs can be added to this file to block additional websites.

Although crude, this method can be effective for most students until a crafty one comes along and figures it out. The student can then also edit this same file and remove the ‘filters’. For the short term, this will be an effective solution.

For the longer term, the school will be implementing a system from a company called OpenDNS. This system sits outside the school’s network and will intercept ALL requests to DNS servers and resolve only the ones deemed by the school’s administration as appropriate. This system, since it is outside the school’s physical network, cannot be altered by the student population no matter how determined. This solution will also help the school satisfy Child Internet Protection Act (CIPA) requirements. OpenDNS provides its services to the public for free making this the best overall solution for the school.

Also note that OpenDNS is free service for the general public as well. School officials can be confident in their recommendations to parents looking for cost effective ways to safeguard their home networks for their children.